Posts: 5

Topic: Authenticate ownCloud against iRedMails LDAP-Server

Hi there,

i'm using iRedMail 0.8.4 on Debian Squeeze since version 0.7.0 with 8 domains and 500 users and everything works fine. The LDAP could be of more use, so i decided to give the users some extra featuares by setting up ownCloud 5.0 -> http://owncloud.org, which is authenticating against the builtin LDAP-Server. So each user can login with his emailaddress and his password.It shouldn't matter if it runs on the same server as iRedMail or which distro you use. I'm using an extra server with a fresh debian wheezy for that.

You should configure your Apache and you might want to force SSL like this -> http://wiki.apache.org/httpd/RewriteHTTPToHTTPSDon't forgert to restart Apache.Access the install wizard https://your-ip/owncloudClick on the Advanced options to show the configuration options. You may enter admin credentials and let ownCloud create its own database user, or enter a preconfigured user for the database.

Now log into ownCloud as the admin user, go to the upper right corner, then click APPS. Enable "LDAP user and group backend", you might also want to enable some other usefull featuares, like externat storage and Antivirus, too.Now go back to the menu and click ADMIN, and you'll find the LDAP-Section.After installation of your iRedMail-server you got a summary of passwords, accounts and settings, you'll need those information now:

Re: Authenticate ownCloud against iRedMails LDAP-Server

The mailing list created by iRedMail uses 'objectClass=mailList', not posixGroup.

Alright, thanks, works even finer now. I'm not so deep into ldap ...

Why TLS must be disabled? Any error message?

Warning PHP ldap_start_tls(): Unable to start TLS: Connect errorI need to import the certificates on the seperate owncloud-server, on the same server it would have worked out of the box, i guess. Do you know exactly which certificate (/etc/ssl/certs/iRedMail_CA.pem) to which location on the ownCloud-server, to make it work with php ?

Re: Authenticate ownCloud against iRedMails LDAP-Server

iRedMail creates two files for SSL certificate on Debian during installation:

- /etc/ssl/certs/iRedMail_CA.pem- /etc/ssl/private/iRedMail.key

You can use them. But i'm not familiar with OwnCloud and PHP, sorry.

I played around a little - for my purpose the Group Filter works better as a domin filter, since the people in the maildomains are coworkers and like to share spaces in their group, so i now use :

Group Filter : objectClass=mailDomain

TLS works now fine, too. I had to copy over the mentioned .pem to the ownCloud-serverOn ownCloud-server:# scp root@ip-of-iRedMail-server:/etc/ssl/certs/iRedMail_CA.pem /etc/ssl/certs/Note: the whole chain has to be in that file.

Then, add following to /etc/ldap/ldap.conf:BASE dc=example,dc=orgURI ldap://mail.gugw.tu-darmstadt.de:389TLS_CACERT /etc/ssl/certs/iRedMail_CA.pemTLS_CACERTDIR /etc/ssl/certsNote: see /etc/ldap/ldap.conf on iRedMail-server and use the fqdn

Activate TLS in ADMIN-Section of ownCloud, use fqdn for hostname, too, then test and save.